Privacy Policy
Last updated: 1 May 2026
This Privacy Policy is a general notice for users of our website, dashboards, APIs, and related services. It is not legal advice. Rights vary by country; see our data protection authorities schedule for supervisory bodies in markets where we support VAS products. Contractual terms may also apply under our Terms of Service.
1. Who we are
PayBitt Technologies Limited (“PayBitt”, “we”, “us”, “our”) provides payment technology, merchant software, and related infrastructure. Our registered office is in Accra, Ghana. For privacy matters contact privacy@paybitt.com.
2. Scope
This policy applies when you visit our website, create or use a merchant or admin account, integrate our APIs, use value-added services (such as airtime or data where offered), or otherwise interact with us online or through support channels.
3. Information we collect
We may process:
- Identity and contact data — name, email, phone, address, company name, role, marketing preferences.
- Account and technical data — login identifiers, device and browser data, IP address, API keys (hashed or stored securely), audit logs.
- Transaction and commercial data — payment references, amounts, currency, timestamps, correlation IDs, limited counterparty information needed to settle with partners.
- Verification data — documents and attributes required for KYC/AML and fraud prevention when you or your business use regulated features.
- Communications — messages you send to support or sales, call recordings where legally permitted and disclosed.
4. Sources
Data comes from you, your authorised personnel, integrated systems you connect, our banking and payment partners, identity and fraud tools where used, and automated logging of service usage.
5. Purposes and legal bases
We process personal data to: deliver and secure our services; authenticate users; reconcile transactions with partners; comply with AML, sanctions screening, and regulatory reporting; operate analytics in aggregated or pseudonymous form where appropriate; communicate service and security notices; enforce Terms and investigate abuse; and improve reliability and performance. Depending on jurisdiction, we rely on contract, legal obligation, legitimate interests (balanced against your rights), or consent where required.
6. Automated decisions
We may use automated checks (including risk scoring) for fraud and compliance. Where local law grants you rights regarding solely automated decisions with legal effect, you may contact us to request human review where applicable.
7. Cookies and similar technologies
We use cookies and similar technologies for session security, preferences, and analytics. You can control cookies through your browser; some features may not work if essential cookies are disabled.
8. Sharing
We share data with subprocessors such as cloud hosting providers, payment schemes, banks, PSPs, messaging channels, and support tooling under written agreements. We do not sell personal information. We disclose information when required by law, to respond to lawful requests, or to protect life, safety, rights, or property.
9. International transfers
Where data leaves your country, we implement safeguards recognised under applicable law (such as adequate protection decisions, standard contractual clauses, or supplementary measures). Details can be provided on request for enterprise customers.
10. Retention
We keep data only as long as needed for the purposes above, including statutory retention for financial and AML records. When retention ends, we delete or anonymise data subject to backup rotation cycles.
11. Security
We apply technical and organisational measures described in our Information Security Policy. No method of transmission over the Internet is completely secure.
12. Your rights
You may have rights to access, rectify, erase, restrict, object, or port your data, and to withdraw consent where processing was consent-based. Exemptions may apply (e.g. ongoing legal claims, AML duties). Contact privacy@paybitt.com. You may also complain to a supervisory authority listed in our authority schedule.
13. Children
Our services are directed at businesses and adults. We do not knowingly collect personal information from children without appropriate consent.
14. Changes
We may update this policy; the “Last updated” date will change. Material changes may be communicated through the dashboard or email where appropriate.